USN-4048-1: Docker vulnerabilities

Reference Links

• https://ubuntu.com/security/CVE-2018-15664
• https://ubuntu.com/security/CVE-2019-5736
• https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.4
• https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.10.3
• https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.3
• https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4
• https://ubuntu.com/security/notices/USN-4048-1 (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

• CVE-2018-15664
• CVE-2019-5736

Frequently Asked Questions

• What is the vulnerability ID for this Docker vulnerability?

  The vulnerability ID for this Docker vulnerability is CVE-2018-15664 and CVE-2019-5736.

• What is the severity of this Docker vulnerability?

  The severity of this Docker vulnerability is critical.

• How does this Docker vulnerability impact the system?

  This Docker vulnerability allows an attacker to perform directory traversal attacks and read/write arbitrary files on the host filesystem as root.

• Which versions of Docker are affected by this vulnerability?

  Docker versions 18.09.7-0ubuntu1~19.04.4, 18.09.7-0ubuntu1~18.10.3, 18.09.7-0ubuntu1~18.04.3, and 18.09.7-0ubuntu1~16.04.4 are affected by this vulnerability.

• How can I fix this Docker vulnerability?

  To fix this Docker vulnerability, update to version 18.09.7-0ubuntu1~19.04.4 for Ubuntu 19.04, version 18.09.7-0ubuntu1~18.10.3 for Ubuntu 18.10, version 18.09.7-0ubuntu1~18.04.3 for Ubuntu 18.04, or version 18.09.7-0ubuntu1~16.04.4 for Ubuntu 16.04.